aboutsummaryrefslogtreecommitdiffstats
path: root/config/freeradius2
diff options
context:
space:
mode:
Diffstat (limited to 'config/freeradius2')
-rw-r--r--config/freeradius2/freeradius.inc364
-rw-r--r--config/freeradius2/freeradius.xml16
-rw-r--r--config/freeradius2/freeradius_view_config.php14
-rw-r--r--config/freeradius2/freeradiusauthorizedmacs.xml14
-rw-r--r--config/freeradius2/freeradiuscerts.xml2
-rw-r--r--config/freeradius2/freeradiusclients.xml10
-rw-r--r--config/freeradius2/freeradiuseapconf.xml22
-rw-r--r--config/freeradius2/freeradiusinterfaces.xml4
-rw-r--r--config/freeradius2/freeradiusmodulesldap.xml8
-rw-r--r--config/freeradius2/freeradiussettings.xml17
-rw-r--r--config/freeradius2/freeradiussqlconf.xml30
11 files changed, 236 insertions, 265 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index a18872fc..df231821 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -48,63 +48,67 @@ require_once("services.inc");
// Check pfSense version
$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pfs_version > 2.0){
- define('FREERADIUS_BASE', '/usr/pbi/freeradius-' . php_uname("m"));
-}
-else{
- define('FREERADIUS_BASE', '/usr/local');
+define('FREERADIUS_BASE', '/usr/pbi/freeradius-' . php_uname("m"));
+$bash_path = FREERADIUS_BASE . "/bin/bash";
+
+if ($pfs_version == "2.1") {
+ define('FREERADIUS_LIB', FREERADIUS_BASE . '/lib');
+ define('FREERADIUS_ETC', FREERADIUS_BASE . '/etc');
+} else {
+ define('FREERADIUS_LIB', FREERADIUS_BASE . '/local/lib');
+ define('FREERADIUS_ETC', FREERADIUS_BASE . '/local/etc');
}
// Check freeradius lib version
$frlib="";
- $libfiles = scandir(FREERADIUS_BASE . "/lib/");
- foreach ($libfiles as $libfile){
- if (preg_match("/freeradius-/",$libfile))
- $frlib=FREERADIUS_BASE . "/lib/{$libfile}";
+ if (file_exists(FREERADIUS_LIB)) {
+ $libfiles = scandir(FREERADIUS_LIB);
+ foreach ($libfiles as $libfile){
+ if (preg_match("/freeradius-/",$libfile))
+ $frlib=FREERADIUS_BASE . "/lib/{$libfile}";
+ }
}
if ($frlib == ""){
log_error("freeRADIUS - No freeradius lib found on ".FREERADIUS_BASE."/lib");
}
function freeradius_deinstall_command() {
- if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") {
- exec("cd /var/db/pkg && pkg_delete `ls | grep freeradius`");
- exec("rm -rf " . FREERADIUS_BASE . "/etc/raddb");
- exec("rm -rf /var/run/radiusd/");
- }
+ return;
}
function freeradius_install_command() {
- global $config;
+ global $config, $frlib;
conf_mount_rw();
- // put the constant to a variable
- $varFREERADIUS_BASE = FREERADIUS_BASE;
-
// We create here different folders for different counters.
- if (!file_exists("/var/log/radacct/datacounter/")) { exec("mkdir /var/log/radacct/datacounter && mkdir /var/log/radacct/datacounter/daily && mkdir /var/log/radacct/datacounter/weekly && mkdir /var/log/radacct/datacounter/monthly && mkdir /var/log/radacct/datacounter/forever"); }
- if (!file_exists("/var/log/radacct/timecounter/")) { exec("mkdir /var/log/radacct/timecounter"); }
-
- exec("mkdir " . FREERADIUS_BASE . "/etc/raddb/scripts");
+ @mkdir("/var/log/radacct/datacounter/daily", 0755, true);
+ @mkdir("/var/log/radacct/datacounter/weekly", 0755, true);
+ @mkdir("/var/log/radacct/datacounter/monthly", 0755, true);
+ @mkdir("/var/log/radacct/datacounter/forever", 0755, true);
+ @mkdir("/var/log/radacct/timecounter", 0755, true);
+ @mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true);
+
+ unlink_if_exists("/usr/local/etc/raddb");
+ @symlink(FREERADIUS_ETC . "/raddb", "/usr/local/etc/raddb");
if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); }
if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); }
- exec("chown -R root:wheel " . FREERADIUS_BASE . "/etc/raddb && chown -R root:wheel {$frlib} && chown -R root:wheel /var/log/radacct");
+ exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb && chown -R root:wheel {$frlib} && chown -R root:wheel /var/log/radacct");
// creating a backup file of the original policy.conf no matter if user checked this or not
- if (!file_exists(FREERADIUS_BASE . "/etc/raddb/policy.conf.backup")) {
- log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_BASE . "/etc/raddb/policy.conf.backup");
- copy(FREERADIUS_BASE . "/etc/raddb/policy.conf", FREERADIUS_BASE . "/etc/raddb/policy.conf.backup");
+ if (!file_exists(FREERADIUS_ETC . "/raddb/policy.conf.backup")) {
+ log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/policy.conf.backup");
+ copy(FREERADIUS_ETC . "/raddb/policy.conf", FREERADIUS_ETC . "/raddb/policy.conf.backup");
}
// creating a backup file of the original /modules/files no matter if user checked this or not
- if (!file_exists(FREERADIUS_BASE . "/etc/raddb/files.backup")) {
- log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_BASE . "/etc/raddb/files.backup");
- copy(FREERADIUS_BASE . "/etc/raddb/modules/files", FREERADIUS_BASE . "/etc/raddb/files.backup");
+ if (!file_exists(FREERADIUS_ETC . "/raddb/files.backup")) {
+ log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/files.backup");
+ copy(FREERADIUS_ETC . "/raddb/modules/files", FREERADIUS_ETC . "/raddb/files.backup");
}
// Disable virtual-server we do not need by default
- if (file_exists(FREERADIUS_BASE . "/etc/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_BASE . "/etc/raddb/sites-enabled/control-socket"); }
- if (file_exists(FREERADIUS_BASE . "/etc/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_BASE . "/etc/raddb/sites-enabled/inner-tunnel"); }
+ if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket"); }
+ if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel"); }
// We run this here just to suppress some warnings on syslog if file doesn't exist
freeradius_authorizedmacs_resync();
@@ -130,8 +134,8 @@ function freeradius_install_command() {
$rcfile = array();
$rcfile['file'] = 'radiusd.sh';
- $rcfile['start'] = "$varFREERADIUS_BASE" . '/etc/rc.d/radiusd onestart';
- $rcfile['stop'] = "$varFREERADIUS_BASE" . '/etc/rc.d/radiusd onestop';
+ $rcfile['start'] = FREERADIUS_ETC . '/rc.d/radiusd onestart';
+ $rcfile['stop'] = FREERADIUS_ETC . '/rc.d/radiusd onestop';
write_rcfile($rcfile);
conf_mount_ro();
start_service("radiusd");
@@ -251,7 +255,7 @@ extended_expressions = $varsettingsextendedexpressions
EOD;
// Deletes virtual-server coa by default. Will be re-enabled if there is an interface-type "coa"
-exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/sites-enabled/coa");
+exec("rm -f " . FREERADIUS_ETC . "/raddb/sites-enabled/coa");
$arrinterfaces = $config['installedpackages']['freeradiusinterfaces']['config'];
if (is_array($arrinterfaces) && !empty($arrinterfaces)) {
@@ -278,7 +282,7 @@ EOD;
// Begin "if" for interface-type = coa
if ($item['varinterfacetype'] == 'coa') {
// Enables virtual-server coa because interface-type is coa
- exec("ln -s " . FREERADIUS_BASE . "/etc/raddb/sites-available/coa " . FREERADIUS_BASE . "/etc/raddb/sites-enabled/");
+ exec("ln -s " . FREERADIUS_ETC . "/raddb/sites-available/coa " . FREERADIUS_ETC . "/raddb/sites-enabled/");
$conf .= <<<EOD
listen {
type = $varinterfacetype
@@ -369,7 +373,7 @@ instantiate {
EOD;
conf_mount_rw();
- file_put_contents(FREERADIUS_BASE . '/etc/raddb/radiusd.conf', $conf);
+ file_put_contents(FREERADIUS_ETC . '/raddb/radiusd.conf', $conf);
conf_mount_ro();
// "freeradius_sqlconf_resync" is pointing to this function because we need to run "freeradius_serverdefault_resync" and after that restart freeradius.
@@ -570,7 +574,7 @@ if (is_array($arrusers) && !empty($arrusers)) {
if ($varusersmaxtotaloctets != '') {
if ($varusersreplyitem != '') { $varusersreplyitem .=","; }
//create exec script
- $varusersreplyitem .= "\n\tExec-Program-Wait = " . '"/bin/sh ' . FREERADIUS_BASE . '/etc/raddb/scripts/datacounter_auth.sh ' . "$varusersusername $varusersmaxtotaloctetstimerange" . '"';
+ $varusersreplyitem .= "\n\tExec-Program-Wait = " . '"/bin/sh ' . FREERADIUS_ETC . '/raddb/scripts/datacounter_auth.sh ' . "$varusersusername $varusersmaxtotaloctetstimerange" . '"';
// create limit file - will be always overwritten so we can increase limit from GUI
exec("`echo $varusersmaxtotaloctets > /var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/max-octets-$varusersusername`");
// if used-octets file exist we do NOT overwrite this file!!!
@@ -598,7 +602,7 @@ EOD;
} //end foreach
} // end if
- $filename = FREERADIUS_BASE . '/etc/raddb/users';
+ $filename = FREERADIUS_ETC . '/raddb/users';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -764,7 +768,7 @@ if (is_array($arrmacs) && !empty($arrmacs)) {
if ($varmacsmaxtotaloctets != '') {
if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; }
//create exec script
- $varmacsreplyitem .= "\n\tExec-Program-Wait = " . '"/bin/sh ' . FREERADIUS_BASE . '/etc/raddb/scripts/datacounter_auth.sh ' . "$varmacsaddress $varmacsmaxtotaloctetstimerange" . '"';
+ $varmacsreplyitem .= "\n\tExec-Program-Wait = " . '"/bin/sh ' . FREERADIUS_ETC . '/raddb/scripts/datacounter_auth.sh ' . "$varmacsaddress $varmacsmaxtotaloctetstimerange" . '"';
// create limit file - will be always overwritten so we can increase limit from GUI
exec("`echo $varmacsmaxtotaloctets > /var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/max-octets-$varmacsaddress`");
// if used-octets file exist we do NOT overwrite this file!!!
@@ -792,7 +796,7 @@ EOD;
} //end foreach
} // end if
- $filename = FREERADIUS_BASE . '/etc/raddb/authorized_macs';
+ $filename = FREERADIUS_ETC . '/raddb/authorized_macs';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -863,7 +867,7 @@ EOD;
}
conf_mount_rw();
- file_put_contents(FREERADIUS_BASE . '/etc/raddb/clients.conf', $conf);
+ file_put_contents(FREERADIUS_ETC . '/raddb/clients.conf', $conf);
conf_mount_ro();
freeradius_sync_on_changes();
@@ -931,12 +935,12 @@ function freeradius_eapconf_resync() {
// This is for enable/disbable MS SoH in EAP-PEAP and the virtuial-server "soh-server"
if ($eapconf['vareapconfpeapsohenable'] == 'Enable') {
$vareapconfpeapsoh = 'soh = yes' . "\n\t\t\tsoh_virtual_server = " . '"' . "soh-server" . '"';
- exec("ln -s " . FREERADIUS_BASE . "/etc/raddb/sites-available/soh " . FREERADIUS_BASE . "/etc/raddb/sites-enabled/");
+ exec("ln -s " . FREERADIUS_ETC . "/raddb/sites-available/soh " . FREERADIUS_ETC . "/raddb/sites-enabled/");
}
else {
$vareapconfpeapsoh = '### MS SoH Server is disabled ###';
- if (file_exists(FREERADIUS_BASE . "/etc/raddb/sites-enabled/soh")) {
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/sites-enabled/soh");
+ if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/soh")) {
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/sites-enabled/soh");
}
}
@@ -950,9 +954,9 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') {
$ca_cert = lookup_ca($eapconf["ssl_ca_cert"]);
if ($ca_cert != false) {
if(base64_decode($ca_cert['prv'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_key.pem",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/ca_key.pem",
base64_decode($ca_cert['prv']));
- $conf['ssl_ca_key'] = FREERADIUS_BASE . '/etc/raddb/certs/ca_key.pem';
+ $conf['ssl_ca_key'] = FREERADIUS_ETC . '/raddb/certs/ca_key.pem';
}
@@ -965,24 +969,24 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') {
else{
$check_crl="check_crl = no";
}
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_cert.pem",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/ca_cert.pem",
base64_decode($ca_cert['crt']). $crl);
- $conf['ssl_ca_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/ca_cert.pem";
+ $conf['ssl_ca_cert'] = FREERADIUS_ETC . "/raddb/certs/ca_cert.pem";
}
$svr_cert = lookup_cert($eapconf["ssl_server_cert"]);
if ($svr_cert != false) {
if(base64_decode($svr_cert['prv'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/server_key.pem",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/server_key.pem",
base64_decode($svr_cert['prv']));
- $conf['ssl_key'] = FREERADIUS_BASE . '/etc/raddb/certs/server_key.pem';
+ $conf['ssl_key'] = FREERADIUS_ETC . '/raddb/certs/server_key.pem';
}
}
if(base64_decode($svr_cert['crt'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/server_cert.pem",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/server_cert.pem",
base64_decode($svr_cert['crt']));
- $conf['ssl_server_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/server_cert.pem";
+ $conf['ssl_server_cert'] = FREERADIUS_ETC . "/raddb/certs/server_cert.pem";
}
/* Not needed anymore because pfsense can do this by default
@@ -990,23 +994,23 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') {
$svr_cert = lookup_cert($eapconf["ssl_client_cert"]);
if ($svr_cert != false) {
if(base64_decode($svr_cert['prv'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/client_key.pem",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/client_key.pem",
base64_decode($svr_cert['prv']));
- $conf['ssl_key'] = FREERADIUS_BASE . '/etc/raddb/certs/client_key.pem';
+ $conf['ssl_key'] = FREERADIUS_ETC . '/raddb/certs/client_key.pem';
}
}
if(base64_decode($svr_cert['crt'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/client_cert.pem",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/client_cert.pem",
base64_decode($svr_cert['crt']));
- $conf['ssl_client_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/client_cert.pem";
+ $conf['ssl_client_cert'] = FREERADIUS_ETC . "/raddb/certs/client_cert.pem";
}
- exec("openssl pkcs12 -export -in " . FREERADIUS_BASE . "/etc/raddb/certs/client_cert.pem -inkey " . FREERADIUS_BASE . "/etc/raddb/certs/client_key.pem -out " . FREERADIUS_BASE . "/etc/raddb/certs/client_cert.p12 -passout pass\:");
+ exec("openssl pkcs12 -export -in " . FREERADIUS_ETC . "/raddb/certs/client_cert.pem -inkey " . FREERADIUS_ETC . "/raddb/certs/client_key.pem -out " . FREERADIUS_ETC . "/raddb/certs/client_cert.p12 -passout pass\:");
}
*/
- $conf['ssl_cert_dir'] = FREERADIUS_BASE . '/etc/raddb/certs';
+ $conf['ssl_cert_dir'] = FREERADIUS_ETC . '/raddb/certs';
}
$vareapconfprivatekeyfile = 'server_key.pem';
@@ -1015,11 +1019,11 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') {
// generate new DH and RANDOM file
// We create a single empty file just to check if there is really a change from one to another cert manager to avoid building ne DH and random files
- if (!file_exists(FREERADIUS_BASE . "/etc/raddb/certs/pfsense_cert_mgr")) {
- log_error("freeRADIUS: Switched to pfSense Cert-Manager. Creating new DH and random file in " . FREERADIUS_BASE . "/etc/raddb/certs");
- exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && openssl dhparam -out dh 1024");
- exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && dd if=/dev/urandom of=./random count=10");
- exec("touch " . FREERADIUS_BASE . "/etc/raddb/certs/pfsense_cert_mgr");
+ if (!file_exists(FREERADIUS_ETC . "/raddb/certs/pfsense_cert_mgr")) {
+ log_error("freeRADIUS: Switched to pfSense Cert-Manager. Creating new DH and random file in " . FREERADIUS_ETC . "/raddb/certs");
+ exec("cd " . FREERADIUS_ETC . "/raddb/certs && openssl dhparam -out dh 1024");
+ exec("cd " . FREERADIUS_ETC . "/raddb/certs && dd if=/dev/urandom of=./random count=10");
+ exec("touch " . FREERADIUS_ETC . "/raddb/certs/pfsense_cert_mgr");
}
}
@@ -1114,7 +1118,7 @@ else {
}
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/eap.conf';
+ $filename = FREERADIUS_ETC . '/raddb/eap.conf';
file_put_contents($filename, $conf);
chmod($filename, 0640);
conf_mount_ro();
@@ -1280,7 +1284,7 @@ sql sql2 {
}
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/sql.conf';
+ $filename = FREERADIUS_ETC . '/raddb/sql.conf';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -2128,7 +2132,7 @@ post-proxy {
}
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/sites-available/default';
+ $filename = FREERADIUS_ETC . '/raddb/sites-available/default';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -2223,7 +2227,7 @@ authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/certs/ca.cnf';
+ $filename = FREERADIUS_ETC . '/raddb/certs/ca.cnf';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -2308,7 +2312,7 @@ emailAddress = $varcertsserveremailaddress
commonName = "$varcertsservercommonname"
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/certs/server.cnf';
+ $filename = FREERADIUS_ETC . '/raddb/certs/server.cnf';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -2393,7 +2397,7 @@ emailAddress = $varcertsclientemailaddress
commonName = "$varcertsclientcommonname"
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/certs/client.cnf';
+ $filename = FREERADIUS_ETC . '/raddb/certs/client.cnf';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -2426,12 +2430,12 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') {
if ($arrcerts['varcertscreateclient'] == 'yes') {
// delete all old certificates and keys
- log_error("freeRADIUS: deleting all client.csr .crt .key .pem .tar in " . FREERADIUS_BASE . "/etc/raddb/certs");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.csr");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.crt");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.key");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.pem");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.tar");
+ log_error("freeRADIUS: deleting all client.csr .crt .key .pem .tar in " . FREERADIUS_ETC . "/raddb/certs");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/client.csr");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/client.crt");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/client.key");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/client.pem");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/client.tar");
// run fuction to create ONLY new client.cnf files based on user input from freeradiuscert.xml
@@ -2439,21 +2443,21 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') {
// make bootstrap executable and run to create cert based on client.cnf files
- exec("chmod 0770 " . FREERADIUS_BASE . "/etc/raddb/certs/bootstrap");
- exec(FREERADIUS_BASE . "/etc/raddb/certs/bootstrap");
+ exec("chmod 0770 " . FREERADIUS_ETC . "/raddb/certs/bootstrap");
+ exec(FREERADIUS_ETC . "/raddb/certs/bootstrap");
// rename client generated XX.pem to client.pem // use regex to replace spaces and so on.
- $varserial = preg_replace("/\s/","",file_get_contents(FREERADIUS_BASE . '/etc/raddb/certs/serial.old'));
- if (file_exists(FREERADIUS_BASE . "/etc/raddb/certs/$varserial.pem"))
- rename(FREERADIUS_BASE . "/etc/raddb/certs/$varserial.pem",FREERADIUS_BASE . "/etc/raddb/certs/client.pem");
+ $varserial = preg_replace("/\s/","",file_get_contents(FREERADIUS_ETC . '/raddb/certs/serial.old'));
+ if (file_exists(FREERADIUS_ETC . "/raddb/certs/$varserial.pem"))
+ rename(FREERADIUS_ETC . "/raddb/certs/$varserial.pem",FREERADIUS_ETC . "/raddb/certs/client.pem");
// tar client-cert files
- exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem");
+ exec("cd " . FREERADIUS_ETC . "/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem");
// Make all files in certs folder read/write only for root
- exec("chmod -R 0600 " . FREERADIUS_BASE . "/etc/raddb/certs/");
- log_error("freeRADIUS: Created new client.csr .crt .key .pem and added them together with ca.der in " . FREERADIUS_BASE . "/etc/raddb/certs/client.tar");
+ exec("chmod -R 0600 " . FREERADIUS_ETC . "/raddb/certs/");
+ log_error("freeRADIUS: Created new client.csr .crt .key .pem and added them together with ca.der in " . FREERADIUS_ETC . "/raddb/certs/client.tar");
}
}
else {
@@ -2461,18 +2465,18 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') {
if ($arrcerts['varcertsdeleteall'] == 'yes') {
// delete all old certificates and keys - deletes certs from pfsense cert-manager IN THIS FOLDER, too.
- log_error("freeRADIUS: deleting all CA, Server and Client certs, DH, random and database files in " . FREERADIUS_BASE . "/etc/raddb/certs");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.pem && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.pem && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.pem");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.der && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.der && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.der");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.csr && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.csr && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.csr");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.crt && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.crt && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.crt");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.key && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.key && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.key");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.p12 && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.p12 && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.p12");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/serial*");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/index*");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/dh");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/random");
- exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.tar");
+ log_error("freeRADIUS: deleting all CA, Server and Client certs, DH, random and database files in " . FREERADIUS_ETC . "/raddb/certs");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/ca.pem && rm -f " . FREERADIUS_ETC . "/raddb/certs/server.pem && rm -f " . FREERADIUS_ETC . "/raddb/certs/client.pem");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/ca.der && rm -f " . FREERADIUS_ETC . "/raddb/certs/server.der && rm -f " . FREERADIUS_ETC . "/raddb/certs/client.der");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/ca.csr && rm -f " . FREERADIUS_ETC . "/raddb/certs/server.csr && rm -f " . FREERADIUS_ETC . "/raddb/certs/client.csr");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/ca.crt && rm -f " . FREERADIUS_ETC . "/raddb/certs/server.crt && rm -f " . FREERADIUS_ETC . "/raddb/certs/client.crt");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/ca.key && rm -f " . FREERADIUS_ETC . "/raddb/certs/server.key && rm -f " . FREERADIUS_ETC . "/raddb/certs/client.key");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/ca.p12 && rm -f " . FREERADIUS_ETC . "/raddb/certs/server.p12 && rm -f " . FREERADIUS_ETC . "/raddb/certs/client.p12");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/serial*");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/index*");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/dh");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/random");
+ exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/client.tar");
// run fuctions to create new .cnf files based on user input from freeradiuscert.xml
@@ -2481,28 +2485,28 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') {
freeradius_clientcertcnf_resync();
// this command deletes the pfsense_cert_mgr checkfile so when we change back to pfsense cert manager a new DH + random file will be created
- if (file_exists(FREERADIUS_BASE . "/etc/raddb/certs/pfsense_cert_mgr")) {
- unlink(FREERADIUS_BASE . "/etc/raddb/certs/pfsense_cert_mgr");
+ if (file_exists(FREERADIUS_ETC . "/raddb/certs/pfsense_cert_mgr")) {
+ unlink(FREERADIUS_ETC . "/raddb/certs/pfsense_cert_mgr");
}
// generate new DH and RANDOM file
- log_error("freeRADIUS: Creating new DH and random file in " . FREERADIUS_BASE . "/etc/raddb/certs");
- exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && openssl dhparam -out dh 1024");
- exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && dd if=/dev/urandom of=./random count=10");
+ log_error("freeRADIUS: Creating new DH and random file in " . FREERADIUS_ETC . "/raddb/certs");
+ exec("cd " . FREERADIUS_ETC . "/raddb/certs && openssl dhparam -out dh 1024");
+ exec("cd " . FREERADIUS_ETC . "/raddb/certs && dd if=/dev/urandom of=./random count=10");
- log_error("freeRADIUS: Creating new CA, Server and Client certs in " . FREERADIUS_BASE . "/etc/raddb/certs");
+ log_error("freeRADIUS: Creating new CA, Server and Client certs in " . FREERADIUS_ETC . "/raddb/certs");
// make bootstrap executable and run to create certs based on .cnf files
- exec("chmod 0770 " . FREERADIUS_BASE . "/etc/raddb/certs/bootstrap");
- exec(FREERADIUS_BASE . "/etc/raddb/certs/bootstrap");
+ exec("chmod 0770 " . FREERADIUS_ETC . "/raddb/certs/bootstrap");
+ exec(FREERADIUS_ETC . "/raddb/certs/bootstrap");
// rename client generated 02.pem to client.pem
- if (file_exists(FREERADIUS_BASE . "/etc/raddb/certs/02.pem"))
- rename(FREERADIUS_BASE . "/etc/raddb/certs/02.pem",FREERADIUS_BASE . "/etc/raddb/certs/client.pem");
+ if (file_exists(FREERADIUS_ETC . "/raddb/certs/02.pem"))
+ rename(FREERADIUS_ETC . "/raddb/certs/02.pem",FREERADIUS_ETC . "/raddb/certs/client.pem");
// tar client-cert files
- exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem");
- exec("chmod -R 0600 " . FREERADIUS_BASE . "/etc/raddb/certs/");
- log_error("freeRADIUS: Added client.csr .crt .key .pem together with ca.der in " . FREERADIUS_BASE . "/etc/raddb/certs/client.tar");
+ exec("cd " . FREERADIUS_ETC . "/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem");
+ exec("chmod -R 0600 " . FREERADIUS_ETC . "/raddb/certs/");
+ log_error("freeRADIUS: Added client.csr .crt .key .pem together with ca.der in " . FREERADIUS_ETC . "/raddb/certs/client.tar");
// If there were changes on the certificates we need to restart freeradius
restart_service('radiusd');
@@ -2689,7 +2693,7 @@ function freeradius_all_after_XMLRPC_resync() {
log_error("FreeRADIUS: Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
- exec(FREERADIUS_BASE . "/etc/rc.d/radiusd onerestart");
+ exec(FREERADIUS_ETC . "/rc.d/radiusd onerestart");
}
function freeradius_modulescounter_resync() {
@@ -2812,7 +2816,7 @@ counter forever {
}
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/modules/counter';
+ $filename = FREERADIUS_ETC . '/raddb/modules/counter';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -2906,7 +2910,7 @@ nt-response=%{%{mschap:NT-Response}:-00}"
}
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/modules/mschap';
+ $filename = FREERADIUS_ETC . '/raddb/modules/mschap';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -2951,7 +2955,7 @@ realm ntdomain {
}
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/modules/realm';
+ $filename = FREERADIUS_ETC . '/raddb/modules/realm';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -3004,37 +3008,37 @@ if($arrmodulesldap['varmodulesldapenabletlssupport'] == 'on') {
$ca_cert = lookup_ca($arrmodulesldap["ssl_ca_cert1"]);
if ($ca_cert != false) {
if(base64_decode($ca_cert['prv'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap1_key.pem",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/ca_ldap1_key.pem",
base64_decode($ca_cert['prv']));
- $conf['ssl_ca_key'] = FREERADIUS_BASE . '/etc/raddb/certs/ca_ldap1_key.pem';
+ $conf['ssl_ca_key'] = FREERADIUS_ETC . '/raddb/certs/ca_ldap1_key.pem';
}
if(base64_decode($ca_cert['crt'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap1_cert.pem",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/ca_ldap1_cert.pem",
base64_decode($ca_cert['crt']));
- $conf['ssl_ca_cert1'] = FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap1_cert.pem";
+ $conf['ssl_ca_cert1'] = FREERADIUS_ETC . "/raddb/certs/ca_ldap1_cert.pem";
}
$svr_cert = lookup_cert($arrmodulesldap["ssl_server_cert1"]);
if ($svr_cert != false) {
if(base64_decode($svr_cert['prv'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap1_cert.key",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/radius_ldap1_cert.key",
base64_decode($svr_cert['prv']));
- $conf['ssl_key'] = FREERADIUS_BASE . '/etc/raddb/certs/radius_ldap1_cert.key';
+ $conf['ssl_key'] = FREERADIUS_ETC . '/raddb/certs/radius_ldap1_cert.key';
}
}
if(base64_decode($svr_cert['crt'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap1_cert.crt",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/radius_ldap1_cert.crt",
base64_decode($svr_cert['crt']));
- $conf['ssl_server_cert1'] = FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap1_cert.crt";
+ $conf['ssl_server_cert1'] = FREERADIUS_ETC . "/raddb/certs/radius_ldap1_cert.crt";
}
- $conf['ssl_cert_dir'] = FREERADIUS_BASE . '/etc/raddb/certs';
+ $conf['ssl_cert_dir'] = FREERADIUS_ETC . '/raddb/certs';
}
$varmodulesldapstarttls = "yes";
}
@@ -3051,37 +3055,37 @@ if($arrmodulesldap['varmodulesldap2enabletlssupport'] == 'on') {
$ca_cert = lookup_ca($arrmodulesldap["ssl_ca_cert2"]);
if ($ca_cert != false) {
if(base64_decode($ca_cert['prv'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap2_key.pem",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/ca_ldap2_key.pem",
base64_decode($ca_cert['prv']));
- $conf['ssl_ca_key'] = FREERADIUS_BASE . '/etc/raddb/certs/ca_ldap2_key.pem';
+ $conf['ssl_ca_key'] = FREERADIUS_ETC . '/raddb/certs/ca_ldap2_key.pem';
}
if(base64_decode($ca_cert['crt'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap2_cert.pem",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/ca_ldap2_cert.pem",
base64_decode($ca_cert['crt']));
- $conf['ssl_ca_cert2'] = FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap2_cert.pem";
+ $conf['ssl_ca_cert2'] = FREERADIUS_ETC . "/raddb/certs/ca_ldap2_cert.pem";
}
$svr_cert = lookup_cert($arrmodulesldap["ssl_server_cert2"]);
if ($svr_cert != false) {
if(base64_decode($svr_cert['prv'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap2_cert.key",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/radius_ldap2_cert.key",
base64_decode($svr_cert['prv']));
- $conf['ssl_key'] = FREERADIUS_BASE . '/etc/raddb/certs/radius_ldap2_cert.key';
+ $conf['ssl_key'] = FREERADIUS_ETC . '/raddb/certs/radius_ldap2_cert.key';
}
}
if(base64_decode($svr_cert['crt'])) {
- file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap2_cert.crt",
+ file_put_contents(FREERADIUS_ETC . "/raddb/certs/radius_ldap2_cert.crt",
base64_decode($svr_cert['crt']));
- $conf['ssl_server_cert2'] = FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap2_cert.crt";
+ $conf['ssl_server_cert2'] = FREERADIUS_ETC . "/raddb/certs/radius_ldap2_cert.crt";
}
- $conf['ssl_cert_dir'] = FREERADIUS_BASE . '/etc/raddb/certs';
+ $conf['ssl_cert_dir'] = FREERADIUS_ETC . '/raddb/certs';
}
$varmodulesldap2starttls = "yes";
}
@@ -3204,7 +3208,7 @@ else {
$varmodulesldap2keepaliveidle = ($arrmodulesldap['varmodulesldap2keepaliveidle']?$arrmodulesldap['varmodulesldap2keepaliveidle']:'60');
$varmodulesldap2keepaliveprobes = ($arrmodulesldap['varmodulesldap2keepaliveprobes']?$arrmodulesldap['varmodulesldap2keepaliveprobes']:'3');
$varmodulesldap2keepaliveinterval = ($arrmodulesldap['varmodulesldap2keepaliveinterval']?$arrmodulesldap['varmodulesldap2keepaliveinterval']:'3');
-$raddb = FREERADIUS_BASE . '/etc/raddb';
+$raddb = FREERADIUS_ETC . '/raddb';
$conf .= <<<EOD
# -*- text -*-
#
@@ -3555,7 +3559,7 @@ ldap ldap2{
}
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/modules/ldap';
+ $filename = FREERADIUS_ETC . '/raddb/modules/ldap';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -3576,29 +3580,29 @@ function freeradius_plainmacauth_resync() {
$varsettings = $config['installedpackages']['freeradiussettings']['config'][0];
// defining variables with filename path
- $filepolicyconf = FREERADIUS_BASE . '/etc/raddb/policy.conf';
- $filepolicyconfbackup = FREERADIUS_BASE . '/etc/raddb/policy.conf.backup';
- $filemodulesfiles = FREERADIUS_BASE . '/etc/raddb/modules/files';
- $filemodulesfilesbackup = FREERADIUS_BASE . '/etc/raddb/files.backup';
+ $filepolicyconf = FREERADIUS_ETC . '/raddb/policy.conf';
+ $filepolicyconfbackup = FREERADIUS_ETC . '/raddb/policy.conf.backup';
+ $filemodulesfiles = FREERADIUS_ETC . '/raddb/modules/files';
+ $filemodulesfilesbackup = FREERADIUS_ETC . '/raddb/files.backup';
// If unchecked then plain mac auth is disabled and backups of the original files will be restored
if ($varsettings['varsettingsenablemacauth'] == '') {
// This is a check - only restore files if they aren't already
- if (file_exists(FREERADIUS_BASE . "/etc/raddb/plain_macauth_enabled")) {
+ if (file_exists(FREERADIUS_ETC . "/raddb/plain_macauth_enabled")) {
log_error("FreeRADIUS: Plain-MAC-Auth disabled. Restoring the original file from {$filepolicyconfbackup} and {$filemodulesfilesbackup}");
copy($filepolicyconfbackup, $filepolicyconf);
copy($filemodulesfilesbackup, $filemodulesfiles);
- unlink(FREERADIUS_BASE . "/etc/raddb/plain_macauth_enabled");
+ unlink(FREERADIUS_ETC . "/raddb/plain_macauth_enabled");
freeradius_serverdefault_resync();
}
}
// If checked then plain mac auth is enabled
else {
// This is a check - only modify files if they aren't already
- if (!file_exists(FREERADIUS_BASE . "/etc/raddb/plain_macauth_enabled")) {
+ if (!file_exists(FREERADIUS_ETC . "/raddb/plain_macauth_enabled")) {
freeradius_modulesfiles_resync();
freeradius_policyconf_resync();
- exec("cd " . FREERADIUS_BASE . "/etc/raddb && touch " . FREERADIUS_BASE . "/etc/raddb/plain_macauth_enabled");
+ exec("cd " . FREERADIUS_ETC . "/raddb && touch " . FREERADIUS_ETC . "/raddb/plain_macauth_enabled");
log_error("FreeRADIUS: Plain-MAC-Auth enabled. Modified {$filepolicyconf} and {$filemodulesfiles}");
freeradius_serverdefault_resync();
}
@@ -3660,7 +3664,7 @@ files authorized_macs {
}
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/modules/files';
+ $filename = FREERADIUS_ETC . '/raddb/modules/files';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -3886,7 +3890,7 @@ policy {
}
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/policy.conf';
+ $filename = FREERADIUS_ETC . '/raddb/policy.conf';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -3895,7 +3899,7 @@ EOD;
}
function freeradius_motp_resync() {
- global $config;
+ global $config, $bash_path;
$conf = '';
$varsettings = $config['installedpackages']['freeradiussettings']['config'][0];
@@ -3907,38 +3911,14 @@ function freeradius_motp_resync() {
$varsettingsmotpchecksumtype = ($varsettings['varsettingsmotpchecksumtype']?$varsettings['varsettingsmotpchecksumtype']:'md5');
$varsettingsmotptokenlength = ($varsettings['varsettingsmotptokenlength']?$varsettings['varsettingsmotptokenlength']:'1-6');
- // check if disabled then we delete bash und otpverify.sh script
+ // check if disabled then we delete otpverify.sh script
if ($varsettings['varsettingsmotpenable'] == '') {
- if (file_exists(FREERADIUS_BASE . "/etc/raddb/scripts/otpverify.sh")) {
- unlink(FREERADIUS_BASE . "/etc/raddb/scripts/otpverify.sh");
- }
- if (exec("cd /var/db/pkg && ls | grep bash") == "bash-4.1.7") {
- exec("cd /var/db/pkg && pkg_delete `ls | grep bash`");
- log_error('FreeRADIUS: Uninstalling package "bash-4.1.7" which comes with Mobile-One-Time-Password (motp).');
+ if (file_exists(FREERADIUS_ETC . "/raddb/scripts/otpverify.sh")) {
+ @unlink(FREERADIUS_ETC . "/raddb/scripts/otpverify.sh");
}
- if (exec("cd /var/db/pkg && ls | grep bash") == "bash-4.2.20") {
- exec("cd /var/db/pkg && pkg_delete `ls | grep bash`");
- log_error('FreeRADIUS: Uninstalling package "bash-4.2.20" which comes with Mobile-One-Time-Password (motp).');
- }
- }
-
- // check if enabled then we need to download "bash"
- else {
- if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") {
- if (exec("cd /var/db/pkg && ls | grep bash") != "bash-4.1.7") {
- log_error('FreeRADIUS: Downloading and installing package "bash-4.1.7" to use Mobile-One-Time-Password (motp).');
- exec("pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/`uname -m`/packages-8.1-release/All/bash-4.1.7.tbz");
- }
- } else {
- if (exec("cd /var/db/pkg && ls | grep bash") != "bash-4.2.20") {
- log_error('FreeRADIUS: Downloading and installing package "bash-4.2.20" to use Mobile-One-Time-Password (motp).');
- exec("pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD/ports/`uname -m`/packages-8.3-release/All/bash-4.2.20.tbz");
- }
- }
-
-
- $conf .= <<<EOD
-#!/bin/bash
+ } else {
+ $conf .= <<<EOD
+#!{$bash_path}
#
# Mobile One Time Passwords (Mobile-OTP) for Java 2 Micro Edition, J2ME
# written by Matthias Straub, Heilbronn, Germany, 2003
@@ -4055,32 +4035,30 @@ exit 11
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/scripts/otpverify.sh';
- conf_mount_rw();
- file_put_contents($filename, $conf);
- chmod($filename, 0750);
- conf_mount_ro();
-
- // end of above 'check if enabled then we need to download "bash"'
+ $filename = FREERADIUS_ETC . '/raddb/scripts/otpverify.sh';
+ conf_mount_rw();
+ file_put_contents($filename, $conf);
+ chmod($filename, 0750);
+ conf_mount_ro();
}
}
function freeradius_modulesmotp_resync() {
- global $config;
+ global $config, $bash_path;
$conf = '';
// put the constant to a variable
- $varFREERADIUS_BASE = FREERADIUS_BASE;
+ $varFREERADIUS_ETC = FREERADIUS_ETC;
$conf .= <<<EOD
exec motp {
wait = yes
- program = "/usr/local/bin/bash $varFREERADIUS_BASE/etc/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
+ program = "{$bash_path} {$varFREERADIUS_ETC}/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
}
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/modules/motp';
+ $filename = FREERADIUS_ETC . '/raddb/modules/motp';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -4093,28 +4071,28 @@ function freeradius_modulesdatacounter_resync() {
$conf = '';
// put the constant to a variable
- $varFREERADIUS_BASE = FREERADIUS_BASE;
+ $varFREERADIUS_ETC = FREERADIUS_ETC;
$conf .= <<<EOD
exec datacounterdaily {
wait = yes
- program = "/bin/sh $varFREERADIUS_BASE/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
+ program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
}
exec datacounterweekly {
wait = yes
- program = "/bin/sh $varFREERADIUS_BASE/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
+ program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
}
exec datacountermonthly {
wait = yes
- program = "/bin/sh $varFREERADIUS_BASE/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
+ program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
}
exec datacounterforever {
wait = yes
- program = "/bin/sh $varFREERADIUS_BASE/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
+ program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
}
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/modules/datacounter_acct';
+ $filename = FREERADIUS_ETC . '/raddb/modules/datacounter_acct';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
@@ -4153,7 +4131,7 @@ else
fi
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/scripts/datacounter_auth.sh';
+ $filename = FREERADIUS_ETC . '/raddb/scripts/datacounter_auth.sh';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0750);
@@ -4201,7 +4179,7 @@ fi
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/scripts/datacounter_acct.sh';
+ $filename = FREERADIUS_ETC . '/raddb/scripts/datacounter_acct.sh';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0750);
@@ -4269,7 +4247,7 @@ ATTRIBUTE MOTP-Offset 902 string
EOD;
- $filename = FREERADIUS_BASE . '/etc/raddb/dictionary';
+ $filename = FREERADIUS_ETC . '/raddb/dictionary';
conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml
index 13b4123a..8cef9430 100644
--- a/config/freeradius2/freeradius.xml
+++ b/config/freeradius2/freeradius.xml
@@ -204,7 +204,7 @@
</adddeleteeditpagefields>
<fields>
<field>
- <name>GENERAL CONFIGURATION</name>
+ <name>General Configuration</name>
<type>listtopic</type>
</field>
<field>
@@ -280,19 +280,19 @@
<default_value>0</default_value>
</field>
<field>
- <name>MISCELLANEOUS CONFIGURATION</name>
+ <name>Miscellaneous Configuration</name>
<type>listtopic</type>
</field>
<field>
<fielddescr>Number of simultaneous connections</fielddescr>
<fieldname>varuserssimultaneousconnect</fieldname>
- <description><![CDATA[The maximum of simultaneous connections with this username. If you leave this field empty than there is no limit. If you are using FreeRADIUS with CaptivePortal you should leave this empty. Read the documentation!]]></description>
+ <description><![CDATA[The maximum of simultaneous connections with this username. If you leave this field empty than there is no limit. If you are using FreeRADIUS with Captive Portal you should leave this empty. Read the documentation!]]></description>
<type>input</type>
</field>
<field>
<fielddescr>Redirection URL</fielddescr>
<fieldname>varuserswisprredirectionurl</fieldname>
- <description><![CDATA[Enter the URL the user should be redirected to after successfull login. (e.g.: http://www.google.com)]]></description>
+ <description><![CDATA[Enter the URL the user should be redirected to after successful login. (e.g.: http://www.google.com)]]></description>
<type>input</type>
</field>
<field>
@@ -302,7 +302,7 @@
<type>input</type>
</field>
<field>
- <name>NETWORK CONFIGURATION</name>
+ <name>Network Configuration</name>
<type>listtopic</type>
</field>
<field>
@@ -339,7 +339,7 @@
<type>input</type>
</field>
<field>
- <name>TIME CONFIGURATION</name>
+ <name>Time Configuration</name>
<type>listtopic</type>
</field>
<field>
@@ -384,7 +384,7 @@
</options>
</field>
<field>
- <name>TRAFFIC AND BANDWIDTH</name>
+ <name>Traffic and Bandwidth</name>
<type>listtopic</type>
</field>
<field>
@@ -425,7 +425,7 @@
<type>input</type>
</field>
<field>
- <name>ADVANCED CONFIGURATION</name>
+ <name>Advanced Configuration</name>
<type>listtopic</type>
</field>
<field>
diff --git a/config/freeradius2/freeradius_view_config.php b/config/freeradius2/freeradius_view_config.php
index bfabd7fa..b2959783 100644
--- a/config/freeradius2/freeradius_view_config.php
+++ b/config/freeradius2/freeradius_view_config.php
@@ -33,10 +33,10 @@
require("guiconfig.inc");
// Check to find out on which system the package is running
-if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") {
- define('RADDB', '/usr/local/etc/raddb');
-} else {
+if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.1") {
define('RADDB', '/usr/pbi/freeradius-' . php_uname("m") . '/etc/raddb');
+} else {
+ define('RADDB', '/usr/pbi/freeradius-' . php_uname("m") . '/local/etc/raddb');
}
// End of system check
@@ -67,10 +67,6 @@ if ($_REQUEST['file']!=""){
get_file($_REQUEST['file']);
}
else{
- $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
- if ($pf_version < 2.0)
- $one_two = true;
-
$pgtitle = "FreeRADIUS: View Configuration";
include("head.inc");
@@ -78,10 +74,6 @@ else{
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
- <?php if($one_two): ?>
- <p class="pgtitle"><?=$pgtitle?></font></p>
- <?php endif; ?>
-
<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="freeradius_view_config.php" method="post">
diff --git a/config/freeradius2/freeradiusauthorizedmacs.xml b/config/freeradius2/freeradiusauthorizedmacs.xml
index 05b5515a..594e7398 100644
--- a/config/freeradius2/freeradiusauthorizedmacs.xml
+++ b/config/freeradius2/freeradiusauthorizedmacs.xml
@@ -200,7 +200,7 @@
</adddeleteeditpagefields>
<fields>
<field>
- <name>GENERAL CONFIGURATION</name>
+ <name>General Configuration</name>
<type>listtopic</type>
</field>
<field>
@@ -227,13 +227,13 @@
<type>input</type>
</field>
<field>
- <name>MISCELLANEOUS CONFIGURATION</name>
+ <name>Miscellaneous Configuration</name>
<type>listtopic</type>
</field>
<field>
<fielddescr>Redirection URL</fielddescr>
<fieldname>varmacsswisprredirectionurl</fieldname>
- <description><![CDATA[Enter the URL the MAC should be redirected to after successfull login. (e.g.: http://www.google.com)]]></description>
+ <description><![CDATA[Enter the URL the MAC should be redirected to after successful login. (e.g.: http://www.google.com)]]></description>
<type>input</type>
</field>
<field>
@@ -250,7 +250,7 @@
<type>input</type>
</field>
<field>
- <name>NETWORK CONFIGURATION</name>
+ <name>Network Configuration</name>
<type>listtopic</type>
</field>
<field>
@@ -287,7 +287,7 @@
<type>input</type>
</field>
<field>
- <name>TIME CONFIGURATION</name>
+ <name>Time Configuration</name>
<type>listtopic</type>
</field>
<field>
@@ -331,7 +331,7 @@
</options>
</field>
<field>
- <name>TRAFFIC AND BANDWIDTH</name>
+ <name>Traffic and Bandwidth</name>
<type>listtopic</type>
</field>
<field>
@@ -372,7 +372,7 @@
<type>input</type>
</field>
<field>
- <name>ADVANCED CONFIGURATION</name>
+ <name>Advanced Configuration</name>
<type>listtopic</type>
</field>
<field>
diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml
index 6108215b..4909411a 100644
--- a/config/freeradius2/freeradiuscerts.xml
+++ b/config/freeradius2/freeradiuscerts.xml
@@ -98,7 +98,7 @@
</tabs>
<fields>
<field>
- <name>GENERAL CONFIGURATION</name>
+ <name>General Configuration</name>
<type>listtopic</type>
</field>
<field>
diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml
index 215a751e..4e66a597 100644
--- a/config/freeradius2/freeradiusclients.xml
+++ b/config/freeradius2/freeradiusclients.xml
@@ -132,13 +132,13 @@
</adddeleteeditpagefields>
<fields>
<field>
- <name>GENERAL CONFIGURATION</name>
+ <name>General Configuration</name>
<type>listtopic</type>
</field>
<field>
<fielddescr>Client IP Address</fielddescr>
<fieldname>varclientip</fieldname>
- <description><![CDATA[Enter the IP address of the client. This is in general the IP of the NAS (switch,accesspoint).]]></description>
+ <description><![CDATA[Enter the IP address of the RADIUS client. This is the IP of the NAS (switch, access point, firewall, router, etc.).]]></description>
<type>input</type>
<required/>
</field>
@@ -156,19 +156,19 @@
<field>
<fielddescr>Client Shortname</fielddescr>
<fieldname>varclientshortname</fieldname>
- <description><![CDATA[Enter shortname of the client. This is in general the hostname of the NAS (switch,accesspoint).]]></description>
+ <description><![CDATA[Enter a short name for the client. This is generally the hostname of the NAS.]]></description>
<type>input</type>
<required/>
</field>
<field>
<fielddescr>Client Shared Secret</fielddescr>
<fieldname>varclientsharedsecret</fieldname>
- <description><![CDATA[Enter the shared secret of the client here. This is the shared secret (password) which the NAS (switch or accesspoint) needs to communicate with the RADIUS server.]]></description>
+ <description><![CDATA[Enter the shared secret of the RADIUS client here. This is the shared secret (password) which the NAS (switch or accesspoint) needs to communicate with the RADIUS server.]]></description>
<type>password</type>
<required/>
</field>
<field>
- <name>MISCELLANEOUS CONFIGURATION</name>
+ <name>Miscellaneous Configuration</name>
<type>listtopic</type>
</field>
<field>
diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml
index 8f8e4dc7..947ef6b9 100644
--- a/config/freeradius2/freeradiuseapconf.xml
+++ b/config/freeradius2/freeradiuseapconf.xml
@@ -105,7 +105,7 @@
<field>
<fielddescr>Disable weak EAP types</fielddescr>
<fieldname>vareapconfdisableweakeaptypes</fieldname>
- <description><![CDATA[Here you disable the weak EAP types MD5, GTC and LEAP. You should do this if you want that only stronger EAP types like TLS, TTLS, PEAP, MSCHAPv2 should be allowed. This option does not affect the "tunneled EAP sessions".]]></description>
+ <description><![CDATA[Here you can disable the weak EAP types MD5, GTC and LEAP. Check this to only allow stronger EAP types like TLS, TTLS, PEAP, MSCHAPv2 should be allowed. This option does not affect the "tunneled EAP sessions".]]></description>
<type>checkbox</type>
</field>
<field>
@@ -134,7 +134,7 @@
<field>
<fielddescr>Ignore Unknown EAP Types</fielddescr>
<fieldname>vareapconfignoreunknowneaptypes</fieldname>
- <description><![CDATA[If the RADIUS does not know the EAP type it rejects it. If set to "yes" an other module <b>must</b> be configured to proxy the request to a further RADIUS server. (Default: no)]]></description>
+ <description><![CDATA[If the RADIUS server does not know the EAP type, it rejects it. If set to "yes" another module <b>must</b> be configured to proxy the request to a further RADIUS server. (Default: no)]]></description>
<type>select</type>
<default_value>no</default_value>
<options>
@@ -161,23 +161,23 @@
<default_value>4096</default_value>
</field>
<field>
- <name>CERTIFICATES FOR TLS</name>
+ <name>Certificates for TLS</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>Choose Cert-Manager</fielddescr>
+ <fielddescr>Choose Cert Manager</fielddescr>
<fieldname>vareapconfchoosecertmanager</fieldname>
<description><![CDATA[Choose your Cert manager. By default it is the freeradius cert manager because the server needs some default certs to start service. For more information take al look at "Certificates"-Tab.<br>
- To use the firewall's built-in Cert Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager).<br><br>
- <b>uncheked</b>: FreeRADIUS Cert-Manager (not recommended) (Default: unchecked)<br>
- <b>cheked</b>: Firewall Cert-Manager (recommended)]]></description>
+ To use the firewall's built-in Certificate Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager).<br><br>
+ <b>unchecked</b>: FreeRADIUS Cert Manager (not recommended) (Default: unchecked)<br>
+ <b>checked</b>: Firewall Cert Manager (recommended)]]></description>
<type>checkbox</type>
<enablefields>ssl_ca_cert,ssl_ca_crl,ssl_server_cert</enablefields>
</field>
<field>
<fielddescr>Private Key Password</fielddescr>
<fieldname>vareapconfprivatekeypassword</fieldname>
- <description><![CDATA[By default the certificates created by freeradius are protected with an "input/ouput" password from reading the certificate. The certificates created by the firewall's built-in Cert Manager are not protected so you must leave this field empty. (Default: whatever)]]></description>
+ <description><![CDATA[By default the certificates created by freeradius are protected with an "input/ouput" password from reading the certificate. The certificates created by the firewall's built-in Cert Manager are not protected so you must leave this field empty.]]></description>
<type>password</type>
<default_value>whatever</default_value>
</field>
@@ -306,7 +306,7 @@
<field>
- <name>EAP-TLS - ENABLE CACHE</name>
+ <name>EAP-TLS - Enable Cache</name>
<type>listtopic</type>
</field>
<field>
@@ -334,7 +334,7 @@
<field>
<fielddescr>Max Entries</fielddescr>
<fieldname>vareapconfcachemaxentries</fieldname>
- <description><![CDATA[The maximum number of entries in the cache. Set to "0" for "infinite". This could be set to the number of users who are logged in... which can be a LOT. (Default: 255)]]></description>
+ <description><![CDATA[The maximum number of entries in the cache. Set to "0" for "infinite." (Default: 255)]]></description>
<type>input</type>
<default_value>255</default_value>
</field>
@@ -470,7 +470,7 @@
<field>
<fielddescr>Microsoft Statement of Health (SoH) Support</fielddescr>
<fieldname>vareapconfpeapsohenable</fieldname>
- <description><![CDATA[You can accept/reject clients if they have not actual windows updates and more. You need to change server-file for your needs. It cannot be changed from GUI and will be deleted after package (re)installation. (/usr/local/etc/raddb/sites-available/soh). (Default: no)]]></description>
+ <description><![CDATA[You can accept/reject clients based on Microsoft's Statement of Health, such as if they are missing Windows updates, don't have a firewall enabled, antivirus not in line with policy, etc. You need to change server-file for your needs. It cannot be changed from GUI and will be deleted after package reinstallation. (/usr/local/etc/raddb/sites-available/soh). (Default: no)]]></description>
<type>select</type>
<default_value>Disable</default_value>
<options>
diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml
index 1233f72f..5427f988 100644
--- a/config/freeradius2/freeradiusinterfaces.xml
+++ b/config/freeradius2/freeradiusinterfaces.xml
@@ -120,7 +120,7 @@
</adddeleteeditpagefields>
<fields>
<field>
- <name>GENERAL CONFIGURATION</name>
+ <name>General Configuration</name>
<type>listtopic</type>
</field>
<field>
@@ -175,7 +175,7 @@
<field>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
- <description><![CDATA[Enter any description you like for this interface.]]></description>
+ <description><![CDATA[Optionally enter a description here for your reference.]]></description>
<type>input</type>
</field>
</fields>
diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml
index 5abe85cb..e476b877 100644
--- a/config/freeradius2/freeradiusmodulesldap.xml
+++ b/config/freeradius2/freeradiusmodulesldap.xml
@@ -115,7 +115,7 @@
<type>checkbox</type>
</field>
<field>
- <name>GENERAL CONFIGURATION - SERVER 1</name>
+ <name>General Configuration - SERVER 1</name>
<type>listtopic</type>
</field>
<field>
@@ -207,7 +207,7 @@
<default_value>1</default_value>
</field>
<field>
- <name>MISCELLANEOUS CONFIGURATION - SERVER 1</name>
+ <name>Miscellaneous Configuration - SERVER 1</name>
<type>listtopic</type>
</field>
<field>
@@ -434,7 +434,7 @@
<type>checkbox</type>
</field>
<field>
- <name>GENERAL CONFIGURATION - SERVER 2</name>
+ <name>General Configuration - SERVER 2</name>
<type>listtopic</type>
</field>
<field>
@@ -526,7 +526,7 @@
<default_value>1</default_value>
</field>
<field>
- <name>MISCELLANEOUS CONFIGURATION - SERVER 2</name>
+ <name>Miscellaneous Configuration - SERVER 2</name>
<type>listtopic</type>
</field>
<field>
diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml
index 1d908ca4..78c65372 100644
--- a/config/freeradius2/freeradiussettings.xml
+++ b/config/freeradius2/freeradiussettings.xml
@@ -8,7 +8,8 @@
/* ========================================================================== */
/*
freeradiussettings.xml
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfsense.org)
+ Copyright (C) 2014 Electric Sheep Fencing, LP
Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
All rights reserved.
@@ -98,7 +99,7 @@
</tabs>
<fields>
<field>
- <name>GENERAL CONFIGURATION</name>
+ <name>General Configuration</name>
<type>listtopic</type>
</field>
<field>
@@ -162,7 +163,7 @@
<field>
<fielddescr>Logging Destination of RADIUS</fielddescr>
<fieldname>varsettingslogdir</fieldname>
- <description><![CDATA[Choose the destination where freeRADIUS should log. This will log if service started or failed but no authentication information. (Default: radius.log)]]></description>
+ <description><![CDATA[Choose the destination where freeRADIUS will log. This will log general service information, but no authentication information. (Default: radius.log)]]></description>
<type>select</type>
<default_value>syslog</default_value>
<options>
@@ -316,7 +317,7 @@
<field>
<fielddescr>Enable Mobile-One-Time-Password</fielddescr>
<fieldname>varsettingsmotpenable</fieldname>
- <description><![CDATA[This enables the possibility to authenticate against an username and an one-time-password. The client which generates OTP can be installed on various mobile device plattforms like Android and more. If you enable this the first time we need to download and install package "bash-4.1.7" so the process will need some time. (Default: unchecked)]]></description>
+ <description><![CDATA[This enables the possibility to authenticate using a username and one-time-password. The client which generates OTP can be installed on various mobile device plattforms like Android and more. (Default: unchecked)]]></description>
<type>checkbox</type>
<enablefields>varsettingsmotptimespan,varsettingsmotppasswordattempts,varsettingsmotpchecksumtype,varsettingsmotptokenlength</enablefields>
</field>
@@ -330,14 +331,14 @@
<field>
<fielddescr>Number of invalid password attempts</fielddescr>
<fieldname>varsettingsmotppasswordattempts</fieldname>
- <description><![CDATA[After this the user will be locked out until the admin unlocks the user. (Default: 5)]]></description>
+ <description><![CDATA[After this many failed attempts, the user will be locked out until an admin unlocks the user. (Default: 5)]]></description>
<type>input</type>
<default_value>5</default_value>
</field>
<field>
<fielddescr>Hash algorithm</fielddescr>
<fieldname>varsettingsmotpchecksumtype</fieldname>
- <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits as password. Perhaps there are some other/hardware tokens which use other hash types so you can perhaps adjust this here. But this <b>must</b> be equal on bothe sites! (Default: md5)]]></description>
+ <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits as password. Perhaps there are some other/hardware tokens which use other hash types so you can perhaps adjust this here. This <b>must</b> be equal on both sides! (Default: md5)]]></description>
<type>select</type>
<default_value>md5</default_value>
<options>
@@ -349,12 +350,12 @@
<field>
<fielddescr>Token Password length</fielddescr>
<fieldname>varsettingsmotptokenlength</fieldname>
- <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits 1 to 6 as password. Perhaps there are some other/hardware tokens which use other digits so you can perhaps adjust this here. But this <b>must</b> be equal on bothe sites! (Default: 1-6)]]></description>
+ <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits 1 to 6 as password. Perhaps there are some other/hardware tokens which use other digits so you can perhaps adjust this here. This <b>must</b> be equal on both sides! (Default: 1-6)]]></description>
<type>input</type>
<default_value>1-6</default_value>
</field>
<field>
- <name>MISCELLANEOUS CONFIGURATION</name>
+ <name>Miscellaneous Configuration</name>
<type>listtopic</type>
</field>
<field>
diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml
index bb72a07a..f8f7ebc3 100644
--- a/config/freeradius2/freeradiussqlconf.xml
+++ b/config/freeradius2/freeradiussqlconf.xml
@@ -98,7 +98,7 @@
</tabs>
<fields>
<field>
- <name>ENABLE SQL DATABASE - SERVER 1</name>
+ <name>Enable SQL Database- Server 1</name>
<type>listtopic</type>
</field>
<field>
@@ -117,7 +117,7 @@
<type>select</type>
<default_value>Disable</default_value>
<options>
- <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Disable</name><value>Disable</value></option>
<option><name>Enable</name><value>Enable</value></option>
</options>
</field>
@@ -129,7 +129,7 @@
<type>select</type>
<default_value>Disable</default_value>
<options>
- <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Disable</name><value>Disable</value></option>
<option><name>Enable</name><value>Enable</value></option>
</options>
</field>
@@ -141,7 +141,7 @@
<type>select</type>
<default_value>Disable</default_value>
<options>
- <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Disable</name><value>Disable</value></option>
<option><name>Enable</name><value>Enable</value></option>
</options>
</field>
@@ -153,12 +153,12 @@
<type>select</type>
<default_value>Disable</default_value>
<options>
- <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Disable</name><value>Disable</value></option>
<option><name>Enable</name><value>Enable</value></option>
</options>
</field>
<field>
- <name>SQL DATABASE CONFIGURATION - SERVER 1</name>
+ <name>SQL Database Configuration - Server 1</name>
<type>listtopic</type>
</field>
<field>
@@ -331,7 +331,7 @@
<field>
<fielddescr>Read Clients from Database</fielddescr>
<fieldname>varsqlconfreadclients</fieldname>
- <description><![CDATA[Set to <b>yes</b> to read radius clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description>
+ <description><![CDATA[Set to <b>yes</b> to read RADIUS clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description>
<type>select</type>
<default_value>yes</default_value>
<options>
@@ -347,7 +347,7 @@
<default_value>nas</default_value>
</field>
<field>
- <name>ENABLE REDUNDANT SQL DATABASE SUPPORT</name>
+ <name>Enable Redundant SQL Database Support</name>
<type>listtopic</type>
</field>
<field>
@@ -366,7 +366,7 @@
</options>
</field>
<field>
- <name>ENABLE SQL DATABASE - SERVER 2</name>
+ <name>Enable SQL Database - Server 2</name>
<type>listtopic</type>
</field>
<field>
@@ -385,7 +385,7 @@
<type>select</type>
<default_value>Disable</default_value>
<options>
- <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Disable</name><value>Disable</value></option>
<option><name>Enable</name><value>Enable</value></option>
</options>
</field>
@@ -397,7 +397,7 @@
<type>select</type>
<default_value>Disable</default_value>
<options>
- <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Disable</name><value>Disable</value></option>
<option><name>Enable</name><value>Enable</value></option>
</options>
</field>
@@ -409,7 +409,7 @@
<type>select</type>
<default_value>Disable</default_value>
<options>
- <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Disable</name><value>Disable</value></option>
<option><name>Enable</name><value>Enable</value></option>
</options>
</field>
@@ -421,12 +421,12 @@
<type>select</type>
<default_value>Disable</default_value>
<options>
- <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Disable</name><value>Disable</value></option>
<option><name>Enable</name><value>Enable</value></option>
</options>
</field>
<field>
- <name>SQL DATABASE CONFIGURATION - SERVER 2</name>
+ <name>SQL Database Configuration - Server 2</name>
<type>listtopic</type>
</field>
<field>
@@ -599,7 +599,7 @@
<field>
<fielddescr>Read Clients from Database</fielddescr>
<fieldname>varsqlconf2readclients</fieldname>
- <description><![CDATA[Set to <b>yes</b> to read radius clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description>
+ <description><![CDATA[Set to <b>yes</b> to read RADIUS clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description>
<type>select</type>
<default_value>yes</default_value>
<options>